Computer system of computer servers and dedicated computer clients specially programmed to generate synthetic non-reversible electronic data records based on real-time electronic querying and methods of use thereof

ABSTRACT

In some embodiments, the present invention provides for an exemplary computer system which includes at least: a graphical user interface client; a dedicated application server; the dedicated application server is configured to connect to the graphical user interface client and an electronic source with electronic data records; where the electronic data records include real identification identifiers of real individuals; where the graphical user interface client is configured to generate at a graphical user interface that is configured to receive user authenticating credential information and to conduct a real-time electronic negotiation querying session between the user and the dedicated application server to generate a plurality of non-reversible synthetic electronic data records of a plurality of synthetic individuals, by utilizing at least one statistical technique so that the plurality of non-reversible synthetic electronic data records cannot be used to identify any real individual in the plurality of electronic data records.

RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/592,779, filed May 11, 2017, now U.S. Pat. No. 9,965,650, whichclaims priority of U.S. Provisional Appln. No. 62/334,952, filed May 11,2016, which are incorporated herein by reference in their entirety forall purposes.

FIELD OF TECHNOLOGY

The subject matter herein generally relates to computer system ofcomputer servers and dedicated computer clients specially programmed togenerate synthetic non-reversible electronic data records based onreal-time electronic negotiation querying and methods of use thereof.

BACKGROUND OF THE INVENTION

For example, a typical electronic querying can involve an electronicexchange one or more electronic messages having software-based queryconstruction(s) of one or more variable-value pairs between a particularsoftware client and its dedicated server, where the software clientresides remotely form its dedicated server.

SUMMARY OF THE INVENTION

In some embodiments, the present invention provides for an exemplarycomputer system which includes at least the following components: atleast one graphical user interface client; at least one dedicatedapplication server; where the at least one dedicated application serverat least includes: a non-transitory memory storing instructions and atleast one server processor; where, when executing the instructions bythe at least one server processor, the at least one dedicatedapplication server is configured to operationally connect to the atleast one graphical user interface client and at least one electronicsource with a plurality of electronic data records; where the pluralityof electronic data records includes at least 10,000 data records; wherethe plurality of electronic data records includes real identificationidentifiers of real individuals; where the at least one graphical userinterface client is configured to utilize at least one processor of acomputing device of a user to: generate at least first graphical userinterface that includes: i) at least one first programmable softwareobject which is configured to receive user authenticating credentialinformation; where the at least one dedicated application server isconfigured to assign an anonymity level to the user based on userauthenticating credential information; ii) a plurality of secondprogrammable software objects which are configured to conduct at leastone real-time electronic negotiation querying session between the userand the at least one dedicated application server; where the at leastone real-time electronic negotiation querying session is configuredto: 1) receive, from the user, via the plurality of second programmablesoftware objects, at least the following: a) at least one of: aplurality of personal event data parameters of at least one personalevent and at least one demographic identifier, and b) a plurality ofreference event data parameters of at least one reference event, wherethe plurality of reference event data parameters of the at least onereference event include a plurality time-related property dataparameters for at least one time-related property of the at least onereference event; 2) allow, the user, via the plurality of secondprogrammable software objects, to iteratively adjust the plurality ofpersonal event data parameters of the at least one personal event and atleast one of the at least one demographic identifier and the pluralityof reference event data parameters of the at least one reference eventso that, based on the anonymity level of the user, there is a matchedsubset of a minimal number of real individuals associated with theplurality of electronic data records of the at least one electronicsource match the at least one personal event and the at least onereference event; 3) display, in real-time, an indication of how manyreal individuals are in the matched subset; 4) generate, with eachadjustment iteration, a plurality of non-reversible synthetic electronicdata records of a plurality of synthetic individuals, by utilizing atleast one statistical technique to perform at least one of:self-recalculation of discrete values of the plurality of electronicdata records of the matched subset and self-transformation categoricalvalues of the plurality of electronic data records of the matchedsubset; and 5) electronically output, for the user, the plurality ofnon-reversible synthetic electronic data records of the plurality ofsynthetic individuals to at least one electronic destination associatedwith the user; and where the plurality of non-reversible syntheticelectronic data records of the plurality of synthetic individuals: a)are statistically representative of the matched subset, b) have at leastone synthetic identification identifier corresponding to at least onereal identification identifier of a real individual from the matchedsubset, and c) cannot be utilized to identify any real individual fromthe matched subset.

In some embodiments, the at least one dedicated application server isconfigured to assign the anonymity level to the user based on an entityaffiliation of the user.

In some embodiments, the at least one statistical technique is aconditional probability methodology.

In some embodiments, the at least one real-time electronic negotiationquerying session is further configured to generate at least onecomparison report, analyzing all pairs of variables between theplurality of electronic data records of the matched subset and theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals.

In some embodiments, the at least one comparison report is generatedbased on pearson's correlation for each pairs of variables between theplurality of electronic data records of the matched subset and theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals.

In some embodiments, the plurality of electronic data records are aplurality of electronic medical records.

In some embodiments, the plurality of non-reversible syntheticelectronic data records of the plurality of synthetic individuals areHIPAA self-compliant.

In some embodiments, the at least one synthetic identificationidentifier is de-identification identifier which is required, based onHIPAA, to be removed from the plurality of electronic data records ofthe matched subset prior to being outputted to the at least oneelectronic destination associated with the user.

In some embodiments, the present invention provides for an exemplarycomputer system which includes at least the following steps: causing toinstall at least one graphical user interface client on a computingdevice of a user; where the at least one graphical user interface clientis configured to operationally connect to at least one dedicatedapplication server; where the at least one dedicated application serverincludes: a non-transitory memory storing instructions and at least oneserver processor; where, when executing the instructions by the at leastone server processor, the at least one dedicated application server isconfigured to operationally connect to the at least one graphical userinterface client and at least one electronic source with a plurality ofelectronic data records; where the plurality of electronic data recordsincludes at least 10,000 data records; where the plurality of electronicdata records includes real identification identifiers of realindividuals; where the at least one graphical user interface client isconfigured to utilize at least one processor of the computing device ofthe user to: generate at least first graphical user interface thatincludes: i) at least one first programmable software object which isconfigured to receive user authenticating credential information; wherethe at least one dedicated application server is configured to assign ananonymity level to the user based on user authenticating credentialinformation; ii) a plurality of second programmable software objectswhich are configured to conduct at least one real-time electronicnegotiation querying session between the user and the at least onededicated application server; where the at least one real-timeelectronic negotiation querying session is configured to: 1) receive,from the user, via the plurality of second programmable softwareobjects, at least the following: a) at least one of: a plurality ofpersonal event data parameters of at least one personal event and atleast one demographic identifier, and b) a plurality of reference eventdata parameters of at least one reference event, where the plurality ofreference event data parameters of the at least one reference eventinclude a plurality time-related property data parameters for at leastone time-related property of the at least one reference event; 2) allow,the user, via the plurality of second programmable software objects, toiteratively adjust the plurality of personal event data parameters ofthe at least one personal event and at least one of the at least onedemographic identifier and the plurality of reference event dataparameters of the at least one reference event so that, based on theanonymity level of the user, there is a matched subset of a minimalnumber of real individuals associated with the plurality of electronicdata records of the at least one electronic source match the at leastone personal event and the at least one reference event; 3) display, inreal-time, an indication of how many real individuals are in the matchedsubset; 4) generate, with each adjustment iteration, a plurality ofnon-reversible synthetic electronic data records of a plurality ofsynthetic individuals, by utilizing at least one statistical techniqueto perform at least one of: self-recalculation of discrete values of theplurality of electronic data records of the matched subset andself-transformation categorical values of the plurality of electronicdata records of the matched subset; and 5) electronically output, forthe user, the plurality of non-reversible synthetic electronic datarecords of the plurality of synthetic individuals to at least oneelectronic destination associated with the user; and where the pluralityof non-reversible synthetic electronic data records of the plurality ofsynthetic individuals: a) are statistically representative of thematched subset, b) have at least one synthetic identification identifiercorresponding to at least one real identification identifier of a realindividual from the matched subset, and c) cannot be utilized toidentify any real individual from the matched subset.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention can be further explained with reference to theattached drawings, wherein like structures are referred to by likenumerals throughout the several views. The drawings shown are notnecessarily to scale, with emphasis instead generally being placed uponillustrating the principles of the present invention. Therefore,specific structural and functional details disclosed herein are not tobe interpreted as limiting, but merely as a representative basis forteaching one skilled in the art to variously employ the presentinvention.

FIGS. 1-4 illustrate certain computer architectures in accordance withat least some principles of at least some embodiments of the presentinvention.

FIGS. 5-6M show screenshots of computer interfaces which arerepresentative of some exemplary aspects of the present invention inaccordance with at least some principles of at least some embodiments ofthe present invention.

FIGS. 7A-8 show some exemplary aspects of the present invention inaccordance with at least some principles of at least some embodiments ofthe present invention.

DETAILED DESCRIPTION OF THE INVENTION

Among those benefits and improvements that have been disclosed, otherobjects and advantages of this invention can become apparent from thefollowing description taken in conjunction with the accompanyingfigures. Detailed embodiments of the present invention are disclosedherein; however, it is to be understood that the disclosed embodimentsare merely illustrative of the invention that may be embodied in variousforms. In addition, each of the examples given in connection with thevarious embodiments of the present invention is intended to beillustrative, and not restrictive.

Throughout the specification, the following terms take the meaningsexplicitly associated herein, unless the context clearly dictatesotherwise. The phrases “in one embodiment” and “in some embodiments” asused herein do not necessarily refer to the same embodiment(s), thoughit may. Furthermore, the phrases “in another embodiment” and “in someother embodiments” as used herein do not necessarily refer to adifferent embodiment, although it may. Thus, as described below, variousembodiments of the invention may be readily combined, without departingfrom the scope or spirit of the invention.

In addition, as used herein, the term “or” is an inclusive “or”operator, and is equivalent to the term “and/or,” unless the contextclearly dictates otherwise. The term “based on” is not exclusive andallows for being based on additional factors not described, unless thecontext clearly dictates otherwise. In addition, throughout thespecification, the meaning of “a,” “an,” and “the” include pluralreferences. The meaning of “in” includes “in” and “on.”

It is understood that at least one aspect/functionality of variousembodiments described herein can be performed in real-time and/ordynamically. As used herein, the term “real-time” is directed to anevent/action that can occur instantaneously or almost instantaneously intime when another event/action has occurred. In some embodiments, theterms “instantaneous,” “instantaneously,” “instantly,” and “in realtime” refer to a condition where a time difference between a first timewhen a search request is transmitted and a second time when a responseto the request is received is no more than 1 second. In someembodiments, the time difference between the request and the response isbetween less than 1 second and several seconds (e.g., 5-10 seconds).

As used herein, the term “dynamic(ly)” means that events and/or actionscan be triggered and/or occur without any human intervention. In someembodiments, events and/or actions in accordance with the presentinvention can be in real-time and/or based on a predeterminedperiodicity of at least one of: nanosecond, several nanoseconds,millisecond, several milliseconds, second, several seconds, minute,several minutes, hourly, several hours, daily, several days, weekly,monthly, etc.

In some embodiments, the inventive electronic systems are associatedwith electronic mobile devices (e.g., smartphones, etc.) of users andserver(s) in the distributed network environment, communicating over asuitable data communication network (e.g., the Internet, etc.) andutilizing at least one suitable data communication protocol (e.g.,IPX/SPX, X.25, AX.25, AppleTalk™, TCP/IP (e.g., HTTP), etc.). In someembodiments, a plurality of concurrent users can be, but is not limitedto, at least 100 (e.g., but not limited to, 100-999), at least 1,000(e.g., but not limited to, 1,000-9,999), at least 10,000 (e.g., but notlimited to, 10,000-99,999), at least 100,000 (e.g., but not limited to,100,000-999,999), at least 1,000,000 (e.g., but not limited to,1,000,000-9,999,999), at least 10,000,000 (e.g., but not limited to,10,000,000-99,999,999), at least 100,000,000 (e.g., but not limited to,100,000,000-999,999,999), at least 1,000,000,000 (e.g., but not limitedto, 1,000,000,000-10,000,000,000).

Illustrative Exemplary Operating Environments

FIG. 1 illustrates one embodiment of an environment in which theexemplary specially programmed inventive computing system of the presentinvention may operate. However, not all of these components may berequired to practice the invention, and variations in the arrangementand type of the components may be made without departing from the spiritor scope of the invention. In some embodiments, the exemplary speciallyprogrammed inventive computing system may manage a large number ofmembers and/or concurrent real-time negotiations (e.g., at least 10; atleast 100; at least 1,000; at least, 10,000; at least 1,000,000; etc.).In other embodiments, the inventive system and method are based on ascalable computer and network architecture that incorporates variousstrategies for assessing the data, caching, searching, and databaseconnection pooling. An example of the scalable architecture is anarchitecture that is capable of operating multiple servers.

In embodiments, users (e.g., requestors of electronic data records(EDRs)) of the exemplary specially programmed inventive computing systemof the present invention can utilize virtually any computing device102-104 (e.g., desktop computer, laptop, smartphone) which isspecifically programmed to receive and send messages over a network,such as network 105, to and from servers 106 and 107 which areprogrammed to conduct the real-time negotiations and generate theinventive synthetic non-reversible data records (SNR EDRs). Inembodiments, the set of such devices includes devices that typicallyconnect using a wired communications medium such as personal computers,multiprocessor systems, microprocessor-based or programmable consumerelectronics, network PCs, and the like. In some embodiments, the set ofsuch devices also includes devices that typically connect using awireless communications medium such as cell phones, smart phones, radiofrequency (RF) devices, infrared (IR) devices, VR (virtual realitydevice), integrated devices combining one or more of the precedingdevices, or virtually any mobile device, and the like. Similarly, insome embodiments, each of client devices 102-104 is any device that iscapable of connecting using a wired or wireless communication mediumsuch as a PDA, wearable computer, and any other device that is equippedto communicate over a wired and/or wireless communication medium.

In embodiments, each user device of the devices 102-104 may include theapp and/or a browser application that is configured to receive and tosend web pages, and the like. In embodiments, the browser applicationmay be configured to receive and display graphics, text, multimedia, andthe like, employing virtually any web based language, including, but notlimited to Standard Generalized Markup Language (SMGL), such asHyperText Markup Language (HTML), a wireless application protocol (WAP),a Handheld Device Markup Language (HDML), such as Wireless MarkupLanguage (WML), WMLScript, XML, JavaScript, and the like. Inembodiments, programming may include either Java, .Net, QT, C, C++ orother suitable programming language.

In embodiments, users' devices 102-104 may be further configured toreceive a message from another computing device employing anothermechanism, including, but not limited to email, Short Message Service(SMS), Multimedia Message Service (MMS), instant messaging (IM),internet relay chat (IRC), mIRC, Jabber, and the like or a proprietaryprotocol.

In embodiments, the network 105 may be configured to couple onecomputing device to another computing device to enable them tocommunicate. In some embodiments, the network 105 may be enabled toemploy any form of computer readable media for communicating informationfrom one electronic device to another. Also, in some embodiments, thenetwork 105 may include a wireless interface, and/or a wired interface,such as the Internet, in addition to local area networks (LANs), widearea networks (WANs), direct connections, such as through a universalserial bus (USB) port, other forms of computer-readable media, or anycombination thereof. In some embodiments, on an interconnected set ofLANs, including those based on differing architectures and protocols, arouter may act as a link between LANs, enabling messages to be sent fromone to another.

FIG. 2 shows another exemplary embodiment of the computer and networkarchitecture that can support the exemplary inventive specificallyprogrammed computing devices, the exemplary inventivecomputer-programmed systems, and the exemplary inventivecomputer-processing methods of the present invention. In someembodiments, each of the user devices 202 a, 202 b thru 202 n of users(requestors of EDRs 212 a, 212 b, and 212 n) at least includes acomputer-readable medium, such as a random access memory (RAM) 208coupled to a processor 210 or FLASH memory. In some embodiments, theprocessor 210 may execute computer-executable program instructionsstored in memory 208. In some embodiments, such processors comprise amicroprocessor, an ASIC, and state machines. In some embodiments, suchprocessors comprise, or may be in communication with, media, for examplecomputer-readable media, which stores instructions that, when executedby the processor, cause the processor to perform the steps describedherein.

In some embodiments, types of computer-readable media may include, butare not limited to, an electronic, optical, magnetic, or other storageor transmission device capable of providing a processor, such as theprocessor 210 of client 202 a, with computer-readable instructions. Insome embodiments, other examples of suitable media may include, but arenot limited to, a floppy disk, CD-ROM, DVD, magnetic disk, memory chip,ROM, RAM, an ASIC, a configured processor, all optical media, allmagnetic tape or other magnetic media, or any other medium from which acomputer processor can read instructions. Also, various other forms ofcomputer-readable media may transmit or carry instructions to acomputer, including a router, private or public network, or othertransmission device or channel, both wired and wireless. In someembodiments, the instructions may comprise code from anycomputer-programming language, including, for example, C, C++, VisualBasic, Java, Python, Perl, Ruby on Rail and JavaScript.

In some embodiments, member devices 202 a-n may also comprise a numberof external or internal devices such as a mouse, a CD-ROM, DVD, akeyboard, a display, or other input or output devices. Examples ofclient devices 202 a-n may be personal computers, digital assistants,personal digital assistants, cellular phones, mobile phones, smartphones, pagers, digital tablets, laptop computers, Internet appliances,and other processor-based devices. In general, a client device 202 a maybe any type of processor-based platform that is connected to a network206 and that interacts with one or more application programs. Clientdevices 202 a-n may operate on any operating system capable ofsupporting a browser or browser-enabled application, such as Microsoft™,Windows™, or Linux. In some embodiments, the client devices 202 a-nshown may include, for example, personal computers executing a browserapplication program such as Microsoft Corporation's Internet Explorer™,Apple Computer, Inc.'s Safari™, Mozilla Firefox, and Opera. Through theclient devices 202 a-n, users (requestors of EMRs) 212 a-n communicateover the network 206 with each other and with other systems and devicescoupled to the network 206. As shown in FIG. 5, server devices 204 and213 may be also coupled to the network 206. In an embodiment of thepresent invention, one or more clients can be a mobile client.

In some embodiments, the term “mobile electronic device” may refer toany portable electronic device that may or may not be enabled withlocation tracking functionality. For example, a mobile electronic devicecan include, but is not limited to, personal digital assistant (PDA),Blackberry™, pager, smartphone, or any other reasonable mobileelectronic device. For ease, at times the above variations are notlisted or are only partially listed, this is in no way meant to be alimitation.

For purposes of the instant description, the terms “cloud,” “Internetcloud,” “cloud computing,” “cloud architecture,” and similar termscorrespond to at least one of the following utilized by the exemplaryinventive computer-programmed systems and the exemplary inventivecomputer-processing methods of the present invention: (1) a large numberof computers connected through a real-time communication network (e.g.,Internet); (2) providing the ability to run a program or application onmany connected computers (e.g., physical machines, virtual machines(VMs)) at the same time; (3) network-based services, which appear to beprovided by real server hardware, and are in fact served up by virtualhardware (e.g., virtual servers), simulated by software running on oneor more real machines (e.g., allowing to be moved around and scaled up(or down) on the fly without affecting the end user). In someembodiments, the inventive computer flexible lease basis systemoffers/manages the cloud computing/architecture as, but not limiting to:infrastructure a service (IaaS), platform as a service (PaaS), andsoftware as a service (SaaS). FIGS. 3 and 4 illustrate schematics ofexemplary implementations of the cloud computing/architecture.

Of note, the embodiments described herein may, of course, be implementedusing any appropriate hardware and/or computing software languages. Inthis regard, those of ordinary skill in the art are well versed in thetype of computer hardware that may be used (e.g., a mainframe, amini-computer, a personal computer (“PC”), a network (e.g., an intranetand/or the internet)), the type of computer programming techniques thatmay be used (e.g., object oriented programming), and the type ofcomputer programming languages that may be used (e.g., C++, Basic, AJAX,Javascript). The aforementioned examples are, of course, illustrativeand not restrictive.

As detailed herein, typically, electronic data records on a populationof real individuals may have one or personal identifying attributes(identification identifiers), such as, but not limited to, names,birthdays, ages, addresses, zip codes, social security numbers; phones,etc. For example, a cable company may track records of personal viewingpreferences together personal identifying information of its subscribers(identification identifiers). In another example, an internet companymay track internet activity of its users together with personalidentifying information. Due to privacy, identify fraud, and/or otherelectronic security concerns, one technological problem has been thatunrelated entities would not typically electronically transfer anyelectronical data what might include identification identifiers, whichis. In one example, to utilize data records having identificationidentifiers, one would need first to anonymize such data records byremoving all identification identifiers that could be used to identify aspecific individual or group of individuals. However, the anonymizationleads to a loss of a benefit to a society due to a generalization of theunderlining data records. As detailed herein, in at least someembodiments, the present invention addresses the above technicalproblem, by dynamically generating synthetic data records for synthetic(non-real) individuals where the synthetic data includes syntheticidentification identifiers which are statistically representative (e.g.,practically identical) of the real data records of the real individualsbut cannot be utilized to identify the real individuals (non-reversibledata). The inventive synthetic data records of the synthetic individualsare referenced herein as non-reversible electronic data records (SNREDRs). The inventive non-reversible synthetic data records of thesynthetic individuals allows previously unavailable benefits such as,but not limited to, an ability to share personal electronic data betweencomputer systems of unrelated entities, a precision in variouspersonalized applications drug development, treatment development,public policy development, and others. In some embodiments, as detailedherein, the exemplary computer engines/systems of the present inventiongenerate one or more synthetic identification identifiers based on anAnonymity Level associated with a user who desires to receive thesynthetic data records of the synthetic individuals.

In some embodiments, the inventive synthetic non-reversible electronicdata records (SNR EDRs) are the inventive synthetic non-reversibleelectronic medical records (SNR EMRs) that the inventive speciallyprogrammed computing systems may be configured to generate based on theinventive real-time electronic negotiation querying. In someembodiments, the SNR EMRs can be used in a wide variety of studiesperformed by research entities and/or pharmaceutical companies forvarious purposes such as, but not limited to, personalized drugdevelopment, clinical trial development (e.g., identifying a clinicaltrial population) and others.

For example, a typical source EMR data object is a collection ofelectronic health information about an individual or a population ofindividuals. A typical source EMR data object includes record(s) indigital format that is/are capable of being shared across differenthealthcare settings. A typical source EMR data object may includerecord(s) with categorical/discrete/qualitative and/or quantitative datawhich are representative of individual identifiable information,individual health/medical information, doctors visit information,prescriptions, service providers information (e.g., MRI provider, etc.),test results information (e.g., numerical values), and other similarlysuitable information.

Illustrative Examples of Inventive Computer Interfaces Configured toRealize the Inventive Real-Time Electronic Negotiation Querying inAccordance with at Least Some Embodiments of the Present Invention

FIG. 5 shows a screenshot of a computer interface (graphical userinterface) that the exemplary specially programmed inventive computingsystem may cause to be displayed to an exemplary user (e.g., aresearcher) on an exemplary electronic device utilized by the exemplaryuser to log in to perform the inventive real-time electronic negotiationquerying. For example, FIG. 5 lists exemplary five institutions whichwould be considered as covered entities under the HIPAA. In someembodiments, the computer interface of FIG. 5 may be displayed to theuser after the exemplary specially programmed inventive computing systemauthenticating credential(s) from the user, confirming the user'sidentity and/or entity affiliation (e.g., hospital employee,pharmaceutical company's researcher, etc).

FIG. 6A shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may set upparameters of an exemplary inventive real-time electronic negotiationquerying session. Specifically, the user may be allowed to, for examplebut not limited, assign a name to the exemplary inventive real-timeelectronic negotiation querying session, identify a date range for aparticular data sample of interest, and selecting one or moredemographic properties.

FIG. 6B shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may be allowed to,for example but not limited, identify one or more patient events ofinterest for the exemplary inventive real-time electronic negotiationquerying session.

As referenced herein, the terms “personal event,” “patient event,” “userevent,” “patient event of interest,” and “user event of interest” areinterchangeably used and identify a particular life event of anindividual. In some embodiments, the particular life event may behealthcare-related (e.g., doctor visit). In some embodiments, theparticular life event may be non-healthcare-related. For example, anexemplary user event may be any one of the following, but not limitedto: a medical procedure, an image (e.g., X-ray or MRI image), a drug, aprescription, a laboratory result, etc.

FIG. 6C shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may be allowed to,for example but not limited, identify one or more reference events forthe exemplary inventive real-time electronic negotiation queryingsession.

As referenced herein, the term “reference event” identifies, at aparticular common time period, an arbitrary common event which isnecessarily associated with a group of individuals whose the inventivesynthetic non-reversible electronic data records the exemplary userdesires to obtain. For example, in some embodiments, an exemplaryreference event may be, but not limited to, spraining of a foot at ageof 25.

As used herein, the term “non-reversible” identifies an inability todetermine whether a particular piece of information is related to aparticular individual.

In some embodiments, the inventive SNR EMRs have the same or suitabilitysimilar statistical characteristics as the source/original electronicalmedical records (EMRs) on the basis of which the inventive SNR EMRs havebeen generated by the inventive specially programmed computing systems.In some embodiments, the SNR EMRs are configured to avoid a risk ofexposing private and/or confidential individual information.

FIG. 6D shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may be informed inreal-time that, based on particular reference event(s) selected, howmany individuals are being matched (e.g., “1561”) from a total number ofindividuals (e.g., “10,000”) for whom there would be EMRs in particularelectronic source(s).

FIG. 6E shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may furthercontinue to define time-related properties (subevents) of one or morereference events to further define the desired population of individuals(i.e., defining the desired granularity of data).

FIG. 6F shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may further defineoutput variable for each time-related property (subevent) of one or morereference events.

FIG. 6G shows another screenshot of another computer interface (anegotiation dashboard screen) that the exemplary specially programmedinventive computing system may cause to be displayed to the exemplaryuser such that the user may be informed that, based on negotiationparameters selected and the user's Anonymity Level of 3, there would beno records that match the user's selection.

FIGS. 6H and 6I show screenshots of exemplary computer interfaces thatthe exemplary specially programmed inventive computing system may causeto be displayed to the exemplary user such that the user may changepreviously defined negotiation parameters to determine if the exemplaryinventive computing system may determine that, based on the user'sAnonymity Level, the user can receive some data. For example, utilizingthe negotiation dashboard screen (FIG. 6G), the user can determine howchange in a value of a particular negotiation parameter would affect anumber of individuals for whom the data would be available.

For example, after the user has changed the negotiation parameters asshown in FIGS. 6H and 6I, the negotiation dashboard screen shows, inFIG. 6J, that there would be records (“1250”) that match the user'sselection.

FIG. 6L shows another screenshot of another computer interface that theexemplary specially programmed inventive computing system may cause tobe displayed to the exemplary user such that the user may select todownload a file with the inventive SNR EMRs and/or obtain a comparisonreport that would statistically compare the source EMRs, which matcheduser's desired parameters, with the inventive SNR EMRs that have beengenerated by the exemplary specially programmed inventive computingsystem, where one would not be able to identify a single individualrelated to the source EMRs from the inventive SNR EMRs.

FIG. 6M shows a snapshot of a part of an Excel file generated by theexemplary specially programmed inventive computing system after the userwould click on a Download Synthetic File button shown in FIG. 6L.

FIGS. 7A-7F show screenshots of an exemplary comparison report betweenthe source EMRs, which matched user's desired parameters, with theinventive SNR EMRs that have been generated by the exemplary speciallyprogrammed inventive computing system. In some embodiments, theexemplary comparison report was generated by the exemplary speciallyprogrammed inventive computing system after the user would click on anOpen Comparison Report button shown in FIG. 6L. As explanations shown inscreenshots of the exemplary comparison report (FIGS. 7A-7F) explainthat the exemplary comparison report allows the user to determine howstatistically comparable the inventive SNR EMRs are to the source EMRs,and identifies what value(s) the user may need to adjust to achieve asufficient level of statistical comparability.

Exemplary Embodiments of the Inventive Methods of Generating theInventive SNR EMRs which are HIPAA Self-Compliant Under “the ExpertDetermination” Method Due to Avoidance of any Statistical Risk of theDe-Identification (i.e., being Non-Reversible) I. Background of HIPAA'sCompliance

HIPAA is the Health Insurance Portability and Accountability Act of 1996which is the U.S. federal law that sets rules about who can look at andreceive health information of a particular individual. For example,HIPAA's compliant electronic management would need to be compliant withPrivacy Rule as detailed in 45 C.F.R. Part 160 and Part 164, Subparts Aand E, issued the U.S. Department of Health and Human Services. Underthe HIPAA Privacy Rule, there are two ways that health information canbe de-identified and therefore no longer considered Protected HealthInformation (PHI).

The first way of complying with the HIPAA Privacy Rule is to remove all18 listed de-identification identifiers (the so-called “safe harbor”method). For example, the following de-identification identifiers of theindividual or of relatives, employers, or household members of theindividual to be removed are: (A) Names; (B) All geographic subdivisionssmaller than a State, including street address, city, county, precinct,zip code, and their equivalent geocodes, except for the initial threedigits of a zip code if, according to the current publicly availabledata from the Bureau of Census (1) the geographic units formed bycombining all zip codes with the same three initial digits contains morethan 20,000 people; and (2) the initial three digits of a zip code forall such geographic units containing 20,000 or fewer people is changedto 000; (C) All elements of dates (except year) for dates directlyrelated to the individual, including birth date, admission date,discharge date, date of death; and all ages over 89 and all elements ofdates (including year) indicative of such age, except that such ages andelements may be aggregated into a single category of age 90 or older;(D) Telephone numbers; (E) Fax numbers; (F) Electronic mail addresses:(G) Social security numbers; (H) Medical record numbers; (I) Health planbeneficiary numbers; (J) Account numbers; (K) Certificate/licensenumbers; (L) Vehicle identifiers and serial numbers, including licenseplate numbers; (M) Device identifiers and serial numbers; (N) WebUniversal Resource Locators (URLs); (0) Internet Protocol (IP) addressnumbers; (P) Biometric identifiers, including finger and voice prints;(Q) Full face photographic images and any comparable images; and/or anyother unique identifying number, characteristic, or code, except aspermitted for re-identification purposes provided certain conditions aremet.

The “safe harbor” method is not part of the present invention.

II. Exemplary Embodiments of the Inventive Methods of Generating theInventive SNR EMRs which are HIPAA Self-Compliant Under “the ExpertDetermination” Method Due to Avoidance of any Statistical Risk of theDe-Identification (i.e., being Non-Reversible)

The second way of complying with the HIPAA Privacy Rule is to obtainconfirmation from a qualified statistician that the risk ofidentification is very small (the “expert determination” method)—thepresent invention meets this requirement based on the inventive SNR EMRsbeing HIPAA self-compliant since, as detailed herein, the presentinvention utilizes statistical methodologies that avoid any statisticalrisk of the de-identification (i.e., the inventive SNR EMRs beingnon-reversible).

For example, the inventive SNR EMRs is configured to be HIPAA compliantwhile representing the statistical characteristics of source EMRs whichhave been utilized to generate the inventive SNR EMRs. In someembodiments, an exemplary specially programmed computing system isconfigured to generate the inventive SNR EMRs based on and statisticaldata gathered from source EMRs data. In some embodiments, the inventiveSNR EMRs contain precise numerical/quantitative information.

In some embodiments, an exemplary specially programmed inventivecomputing system can utilize various types of computing devices, suchas, but not limited to, specially programmed Pearson correlationalcomputer(s), specially programmed server(s), and similar others.

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to process the source EMRs data objectswhich can include at least two types of data objects:

1) discrete data objects (e.g., gender, state, race, etc.); and

2) numeric/quantitative data objects (e.g., blood test results, exactage, etc.).

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to extract statistical pattern(s)s fromthe source EMR data set(s) (1). In some embodiments, the source EMR datasets may be stored in at least one database of relational and/or NoSQLnature. For example, in some embodiments, at least one statisticalrepresentation of the source EMR data object is created in the RAM(Random Access Memory) of a computing device through a datatransportation method, such as, but not limited to, a bulk data transferprotocol. In some embodiments, the exemplary specially programmedinventive computing system may be configured to utilize the at least onestatistical representation to then create exemplary inventive SNREMR(s). In some embodiments, the exemplary inventive SNR EMR(s) may bestored in a separate database of relational and/or NoSQL nature, on afile server as file(s), and/or in any other similarly suitablenon-transient computer medium.

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to utilize at least one three dimensionalcell structure to analyze the source EMR data.

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to utilize at least one flat table toanalyze the source EMR data, reducing the source EMR data's dimensionsto at least one two dimensional flat table structure. For example, insuch embodiments, the at least one two dimensional flat table structurethis table every row represents a single individual EMRs dataset, andevery column represents a fact or a value related to a particularindividual. For example, Table 1 provides an illustrative example of adata set that lists individuals who have a specific illness at specificdata times.

TABLE 1 Cate- Cate- gorical Categorical gorical Numeric Numeric NumericValue Value Value Value Value Value Smoker State Gender Cholesterol HDLLDL yes FL Male 107 38 38 no NJ Female 145 43 21 yes NJ Male 132 45 27yes NJ Male 132 33 37 yes NJ Male 122 87 33 no NY Female 122 56 55 yesTX Male 132 89 42 no CL Female 132 33 37 yes CL Male 134 56 55 no TXMale 145 89 42 yes TX Male 132 33 37 no NY Male 134 56 55 yes AL Male132 45 27 no AK Female 134 87 33 yes CT Male 107 38 38 yes AL Male 13233 37 yes AK Male 107 38 38 no NY Female 107 38 38 yes AL Male 145 89 42no AK Female 122 56 55 yes CT Male 122 87 33 no AL Male 134 87 33 yes AKMale 145 45 27 no CT Female 132 89 42

For example, a typical source EMR dataset can have at least 1,000 to1,000,000 rows and at least 50 to 1,000 columns. For example, a typicalsource EMR dataset can have at least 10,000 to 1,000,000 rows and atleast 100 to 2,000 columns. For example, a typical source EMR datasetcan have at least 1,000 to 10,000,000 rows and at least 50 to 3,000columns. For example, a typical source EMR dataset can have at least10,000 to 1,000,000,000 rows and at least 50 to 3,000 columns. Forexample, a typical source EMR dataset can have at least 1,000 rows andat least 50 columns. For example, a typical source EMR dataset can haveat least 10,000 rows and at least 100 columns. For example, a typicalsource EMR dataset can have at least 1,000,000 rows and at least 100columns. For example, a typical source EMR dataset can have at least1,000 rows and at least 1,000 columns. For example, a typical source EMRdataset can have at least 10,000 rows and at least 2,000 columns. Forexample, a typical source EMR dataset can have at least 1,000,000 rowsand at least 2,000 columns.

For purposes of illustration only, as shown in Table 1, one exemplarysource EMR contains 3 categorical values columns, 3 numerical valuescolumns and records for 23 individuals. For example, another exemplarysource EMR can represent hundreds of additional parameters, such as, butnot limited to, Body-to Mass Index (BMI), height, Prostate ScreenAnalysis (PSA) result, glucose level, average blood pressure in the last3 months, etc. For example, as detailed herein, an exemplary source EMRdata object may contain records for at least one thousand individuals.

Illustrative Examples of Various Anonymity Levels

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to engage a user in the real-timeelectronic negotiation querying based, at least in part, on an anonymitylevel associated with such user. In some embodiments, the exemplaryspecially programmed inventive computing system may dynamically assign,in real-time, a particular anonymity level to the user based on one ormore characteristic of the user. In some embodiments, the particularanonymity level is related to a minimum size of a population grouphaving at least one particular patient/personal event and/or demographicproperty. In some embodiments, the exemplary specially programmedinventive computing system is configured to utilize any suitablecombination of distinct pieces of data related to the population groupto determine the minimum size corresponding to the particular anonymitylevel.

In some embodiments, the exemplary specially programmed computing systemconfigured to output the inventive SNR EMRs only when a value of theuser's associated anonymity level for at least one desired datacharacteristic profile is equal or smaller to a number of individualswith identical set of values in the source EMR. For example, in someembodiments, the exemplary specially programmed computing systemconfigured to utilize the anonymity levels to determine the level ofaccess to the source EMR via the inventive SNR EMRs for various types ofusers. In some embodiments, the exemplary specially programmed inventivecomputing system is configured to assign a particular anonymity level toa user when the user registers with the exemplary specially programmedinventive computing system. In some embodiments, the exemplary speciallyprogrammed inventive computing system is configured to modify theanonymity level access based on the user's relationship to the sourceEMRs.

For example, a typical access level for a medical staff member (with theassumed access to actual medical records) of a medical institution,where the source EMR is stored at the same locale associated with themedical staff member, can be set at a low anonymity level, such as, butnot limited to, 2 or 3 (e.g., the anonymity level can be based on anarbitrary numerical scale). For example, the exemplary speciallyprogrammed computing system is configured to associate an outside user(e.g., the medical staff member of the medical institution, assessingover an external communication connection, an external user who is not amedical staff member) with a high anonymity level (e.g., 8-10). Forexample, the outside user's anonymity level of 10 signifies that theexemplary specially programmed computing system is configured to preventsuch outside user from receiving the inventive SNR EMRs whichcorresponds to knowledge of information which can related directly toless than 10 individuals.

In some embodiments, as part of the inventive real-time electronicnegotiation querying, based on the anonymity level value, the exemplaryspecially programmed computing system is configured to remove anycombination of categorical values and/numerical values that is less thanthe given number of individual records in the source EMR from being partof the inventive SNR EMRs when the inventive SNR EMRs being generated.

For example, with the reference to the illustrative example of thesource EMR of Table 2, assuming that the exemplary specially programmedcomputing system has assigned an anonymity level of 3 to a particularuser. As detailed above, Table 1 has 3 categorical value columns of:“Smoker,” “State,” and “Gender.” As Table 1 shows, there are 3 smokingmale individuals in NJ (the anonymity level of 3 equals to having atleast 3 individuals) whose records can be used by the exemplaryspecially programmed computing system to the inventive SNR EMR datasetsfrom the source EMR datasets.

However, as Table 1 shows, there are only two non-smoker Femaleindividuals in NJ (i.e., 2 non-smoker Female individuals<the anonymitylevel value of 3), hence the exemplary specially programmed computingsystem is configured to disregard the source EMR data of the twonon-smoker Female individuals in NJ when generating the inventive SNREMR datasets.

If the particular user still desires to extract information from theomitted records, during the inventive real-time electronic negotiationquerying, the user can ask the exemplary specially programmed computingsystem to use a higher hierarchy (e.g., lower data granularity) of thesource EMR dataset, and include those records in generating theinventive SNR EMR datasets. For example, in such case, the user may besatisfied with having the inventive SNR EMR datasets being generated,from the source EMR datasets, based on a region level as oppose to thestate level. In such example, the exemplary specially programmedcomputing system is configured to represent values for NY and NJindividuals in combination as “East Coast” data. Since, as Table shows,there are 4 non-smokers Females on the East Coast (2 in NY and 2 in NJ),the combined records result in 4 records being more that the anonymityvalue of 3. Consequent, based on such level of representation (i.e.,“East Coast” level), the exemplary specially programmed inventivecomputing system will include the source data of such individuals whengenerating the exemplary inventive SNR EMR(s).

For example, as another option to be explored during the inventivereal-time electronic negotiation querying, the user may decide not toreceive information in the field “Smoker”—i.e., setting the value forthis categorical column to a higher hierarchy (e.g., “All”=Smokers andnon-Smokers). In such case, there are 4 people in New Jersey, allowingthe exemplary specially programmed inventive computing system to includethe source data of such individuals when generating the exemplaryinventive SNR EMR(s).

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to next fill all the discrete columns byusing, for example but not limited to, a conditional probabilitymethodology which can include the following steps. In some embodiments,the exemplary specially programmed inventive computing system isconfigured to apply the anonymity level for the discrete columns onlyand apply the self-recalculation method for the numeric columns.

Step 1: Column-by-Column Self-Transformation for Columns withCategorical Values

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to randomize values for the first columnbased on the distribution of the items on the original data set for thefirst column. For example, in Table 1, there are 10 non-smokers and 14smokers. This leads to a ratio of 10/24 of non-smokers (or 41.6%) and aratio of 14/24 of smokers (or 58.4%). At this stage, the exemplaryspecially programmed inventive computing system has values for only onecolumn (Smokers—yes/no) that holds this ratio.

Then, in some embodiments, the exemplary specially programmed inventivecomputing system is configured to move to the next row and repeat theprocess. Similarly, the exemplary specially programmed inventivecomputing system may be configured to repeat the ratio calculation up tothe number of the anticipated synthetic records. For example, at thisstage, the first 10 records may retain the values shown in Table 2.

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to proceed to the next (second) column.Similarly, the exemplary specially programmed inventive computing systemis configured to randomize values for this column based on thedistribution of the items on the original data set for this column,taken into account all previous data elements that has been created inthe row. For example, if the row includes a non-smoker in NY by therandomization process, then the Gender probability would be 1/3 (33.33%)male and 2/3 (66.66%) female.

TABLE 2 Smoker yes yes yes no yes yes yes no no yes

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to repeat the same process all thecolumns with categorical values in the original data set. For example,at this stage, the first 10 records of the exemplary inventive SNR EMRmay retain the values shown in Table 3.

In some embodiments, after the exemplary specially programmed inventivecomputing system uses the conditional probability method, the exemplaryspecially programmed inventive computing system is configured togenerate a new set of the inventive SNR EMRs for the categorical valuedata objects (not the numeric ones). At this stage, the number ofinventive SNR EMRs in the new set may be equal to or larger than thenumber of the source EMRs.

TABLE 3 Smoker State Gender yes AL Male yes NJ Male yes TX Male no CLFemale yes AK Male yes CT Male yes FL Male no NY Male no NJ Female yesAK Male

Step 2: Column-by-Column Self-Transformation for Columns with NumericValues

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to generate an array of the dimensionn×m, for every combination of the categorical value columns. In someembodiments, the exemplary specially programmed inventive computingsystem is configured to utilize the truncation of table objects. Forexample, the array is a matrix of numerical values of the dimension m,where m represents the columns (value/facts) and n represents the rows(a number of individuals per each combination). In one scenario, if inthe combination of categorical values in a raw is Smokers=“yes,”State=“NJ,” and Gender=“Male” and those are the only categorical valuecolumns in the source EMR dataset, the exemplary specially programmedinventive computing system would identify 3 individuals and, if thenumeric value columns would be HDL level and Cholesterol level, theexemplary specially programmed inventive computing system would haveutilize a matrix P of 3×2, a total of 6 values. In Table 4, each cell ofthe n×m array, which the exemplary specially programmed inventivecomputing system would modify, is identified with an asterisk.

TABLE 4 Smokers State Gender Cholesterol HDL no FL Male 132  89  no NJFemale 122  87  yes NJ Male 145* 45* yes NJ Male 132* 33* yes NJ Male134* 56* no NY Female 107  38 

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to replace the matrix P with a new matrixT with minimum n×m dimensions, stored in a new array (2). For example,the values in the matrix T retain similar statistical characteristics asthe values of the matrix P based, at least in part, on the followingsteps. For example, during the real-time negotiation, the exemplaryspecially programmed inventive computing system is configured todetermine at least one statistical characteristic which needs to beconserved. In one scenario, in some embodiments, the exemplary speciallyprogrammed inventive computing system is configured to utilize one ormore of the following equations to calculate a value of a particularstatistical characteristic, but not being limited to.

Exemplary Average Equation

$\begin{matrix}{{\overset{\_}{x} = {f_{{Av}{(j)}} = \frac{\sum\limits_{i = 1}^{n}x_{i}}{n}}},} & (1)\end{matrix}$where x_(i) is the value of column j individual i.

For example, in the above illustrative example (Smokers and NJ andmales: n=3), the exemplary specially programmed inventive computingsystem would calculate the average value for the matrix T (HDL values)to be (45+33+56)/3=44.66.

Exemplary Standard Deviation Equation

$\begin{matrix}{\sigma = {f_{{Sd}{(j)}} = \sqrt{\frac{1}{n}{\sum\limits_{i = 1}^{n}( {x_{i} - \overset{\_}{x}} )^{2}}}}} & (2)\end{matrix}$

In mathematics, a system of equations is considered underdetermined ifthere are fewer equations than unknowns. Each unknown can be seen as anavailable degree of freedom. Each equation introduced into the systemcan be viewed as a constraint that restricts one degree of freedom. Sucha system will have an infinite number of solutions in the general case.In accordance with the principles of the present invention, due to thefact that the number of equations solved is smaller than the number ofvariables, there is an infinite combination of variables that willsatisfy the set of equations. In some embodiments, the exemplaryspecially programmed inventive computing system of the present inventionrandomly selects from this infinite set a single set. Ones the data isgiven to the end user the only fact that the user can deduct about aspecific person in the data set is that such person belongs to a groupwith no option to deduct such person's original data (i.e., there is noa known method to identify the original variable combination out of theinfinite one).

For example, in the above illustrative example (Smokers and NJ andmales: n=3), the exemplary specially programmed inventive computingsystem would calculate the standard deviation for the matrix T (HDLvalues) to be:

$( {( {{( {45 - 44.66} )^{\bigwedge}2} + {( {33 - 44.66} )^{\bigwedge}2} + {( {56 - 44.66} )^{\bigwedge}2}} )/3} )^{\bigwedge{1/2}} = {\sqrt{\frac{397}{3}} \approx 11.504}$

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to utilize at least one pre-definedequation for every statistical characteristic and column intended to beconserved from the source EMR dataset, resulting in m equations percolumn based on desired characteristic (e.g., average, standarddeviation, etc.).

For example, for each desired statistical characteristic involving twoor more columns (such as, but not limited to, Pearson correlation), theexemplary specially programmed inventive computing system is configuredto utilize an equation which would process any column permutations.

For example, in some embodiments, the exemplary specially programmedinventive computing system is configured to utilize the

$\frac{m( {m - 1} )}{2}$equation for “m” desired numeric columns based on the Pearsoncorrelation. Hence, in some embodiments, the exemplary speciallyprogrammed inventive computing system is configured to utilize the totalnumber of equations which can be determined based on the

${\frac{m( {m - 1} )}{2}l} + {k\; m}$equation, where “m” is a number of numeric columns, “l” is a number ofstatistical characteristics involving two columns (such as Pearsoncorrelation), “k” is a number of characteristics related to a singlecolumn. For example, the total number of variables can be determined asa product of (m×n), where “m” is a number of numeric value columns, and“n” is a number of individuals for that combination. In the abovescenario, if m=3 for the Pearson correlation-based transformation, theexemplary specially programmed inventive computing system is configuredto solve 3×(3−1)/2=3 equations.

In another scenario, where there are less equations than a number ofvariables, determined as the product of (m×n), the exemplary speciallyprogrammed inventive computing system is configured to select/generaterandom values for “g” variables (g=number of variables−number ofequations). In some embodiments, the exemplary specially programmedinventive computing system is configured to set each random value of aparticular variable within a range of values suitable to the source EMRvalue (categorical/numerical). In some embodiments, the exemplaryspecially programmed inventive computing system is configured topopulate a new matrix with “g” numeric values. In some embodiments, theexemplary specially programmed inventive computing system is configuredto solve the system of equations for all the other variables in such away as to satisfy all of the equations.

In another scenario, where there are more equations than the number ofvariables, the exemplary specially programmed inventive computing systemis configured to generate additional fictitious record(s) where eachfictitious record represents a synthetic individual (a particularinventive SNR EMR). In such case, in some embodiments, the exemplaryspecially programmed inventive computing system is configured toadd/append the same proportional number of new records to all matrices.Then, in some embodiments, the exemplary specially programmed inventivecomputing system is configured to solve the system of equations for allthe other variables in such a way that would satisfy all the equations.

Table 5 illustrates illustrative inventive SNR EMRs data objects whichthe exemplary specially programmed inventive computing system wouldgenerate and store in the computer memory from the source EMRs ofTable 1. For example, as Table 1 shows, the HDL average value for Table1 (the source EMRs) is 58. As Table 5 illustrates, the HDL average valueis 57.5 for the exemplary inventive SNR EMRs. As graphs in FIG. 8illustrate, while Table 1 and Table 5 differ in values and dimensions,in case of utilizing the Pearson correlation to generate the exemplaryinventive SNR EMRs, the Pearson correlation/Linear regression would bepractically (sufficiently) the same.

In some embodiments, the exemplary specially programmed inventivecomputing system is configured to utilize the anonymity level screeningfor the self-transformation of columns with categorical values andutilize the recalculation method for columns with numerical values.

TABLE 5 Smoker State Gender Cholesterol HDL LDL yes AK Male 145 45 21 noAK Female 122 56 27 yes AL Male 132 33 27 no AK Female 134 87 28 no ALMale 132 87 31 yes TX Female 132 45 33 yes AL Male 145 89 33 no CLFemale 132 33 33 yes NY Male 122 87 36 yes CL Male 142 56 37 yes CT Male107 38 37 no CT Female 132 89 37 yes AK Male 107 38 38 yes FL Male 10738 38 yes NJ Male 132 33 38 no NJ Female 145 43 38 yes NJ Male 166 45 42yes AK Male 122 87 42 no NY Female 122 56 42 no NY Male 107 31 44 yes TXMale 132 89 51 no NY Female 134 56 55 yes TX Male 132 33 55 no TX Male145 88 55

In some embodiments, the present invention provides for an exemplarycomputer system which includes at least the following components: atleast one graphical user interface client; at least one dedicatedapplication server; where the at least one dedicated application serverat least includes: a non-transitory memory storing instructions and atleast one server processor; where, when executing the instructions bythe at least one server processor, the at least one dedicatedapplication server is configured to operationally connect to the atleast one graphical user interface client and at least one electronicsource with a plurality of electronic data records; where the pluralityof electronic data records includes at least 10,000 data records; wherethe plurality of electronic data records includes real identificationidentifiers of real individuals; where the at least one graphical userinterface client is configured to utilize at least one processor of acomputing device of a user to: generate at least first graphical userinterface that includes: i) at least one first programmable softwareobject which is configured to receive user authenticating credentialinformation; where the at least one dedicated application server isconfigured to assign an anonymity level to the user based on userauthenticating credential information; ii) a plurality of secondprogrammable software objects which are configured to conduct at leastone real-time electronic negotiation querying session between the userand the at least one dedicated application server; where the at leastone real-time electronic negotiation querying session is configuredto: 1) receive, from the user, via the plurality of second programmablesoftware objects, at least the following: a) at least one of: aplurality of personal event data parameters of at least one personalevent and at least one demographic identifier, and b) a plurality ofreference event data parameters of at least one reference event, wherethe plurality of reference event data parameters of the at least onereference event include a plurality time-related property dataparameters for at least one time-related property of the at least onereference event; 2) allow, the user, via the plurality of secondprogrammable software objects, to iteratively adjust the plurality ofpersonal event data parameters of the at least one personal event and atleast one of the at least one demographic identifier and the pluralityof reference event data parameters of the at least one reference eventso that, based on the anonymity level of the user, there is a matchedsubset of a minimal number of real individuals associated with theplurality of electronic data records of the at least one electronicsource match the at least one personal event and the at least onereference event; 3) display, in real-time, an indication of how manyreal individuals are in the matched subset; 4) generate, with eachadjustment iteration, a plurality of non-reversible synthetic electronicdata records of a plurality of synthetic individuals, by utilizing atleast one statistical technique to perform at least one of:self-recalculation of discrete values of the plurality of electronicdata records of the matched subset and self-transformation categoricalvalues of the plurality of electronic data records of the matchedsubset; and 5) electronically output, for the user, the plurality ofnon-reversible synthetic electronic data records of the plurality ofsynthetic individuals to at least one electronic destination associatedwith the user; and where the plurality of non-reversible syntheticelectronic data records of the plurality of synthetic individuals: a)are statistically representative of the matched subset, b) have at leastone synthetic identification identifier corresponding to at least onereal identification identifier of a real individual from the matchedsubset, and c) cannot be utilized to identify any real individual fromthe matched subset.

In some embodiments, the at least one dedicated application server isconfigured to assign the anonymity level to the user based on an entityaffiliation of the user.

In some embodiments, the at least one statistical technique is aconditional probability methodology.

In some embodiments, the at least one real-time electronic negotiationquerying session is further configured to generate at least onecomparison report, analyzing all pairs of variables between theplurality of electronic data records of the matched subset and theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals.

In some embodiments, the at least one comparison report is generatedbased on pearson's correlation for each pairs of variables between theplurality of electronic data records of the matched subset and theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals.

In some embodiments, the plurality of electronic data records are aplurality of electronic medical records. In some embodiments, theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals are HIPAA self-compliant. In someembodiments, the at least one synthetic identification identifier isde-identification identifier which is required, based on HIPAA, to beremoved from the plurality of electronic data records of the matchedsubset prior to being outputted to the at least one electronicdestination associated with the user.

In some embodiments, the present invention provides for an exemplarycomputer system which includes at least the following steps: causing toinstall at least one graphical user interface client on a computingdevice of a user; where the at least one graphical user interface clientis configured to operationally connect to at least one dedicatedapplication server; where the at least one dedicated application serverincludes: a non-transitory memory storing instructions and at least oneserver processor; where, when executing the instructions by the at leastone server processor, the at least one dedicated application server isconfigured to operationally connect to the at least one graphical userinterface client and at least one electronic source with a plurality ofelectronic data records; where the plurality of electronic data recordsincludes at least 10,000 data records; where the plurality of electronicdata records includes real identification identifiers of realindividuals; where the at least one graphical user interface client isconfigured to utilize at least one processor of the computing device ofthe user to: generate at least first graphical user interface thatincludes: i) at least one first programmable software object which isconfigured to receive user authenticating credential information; wherethe at least one dedicated application server is configured to assign ananonymity level to the user based on user authenticating credentialinformation; ii) a plurality of second programmable software objectswhich are configured to conduct at least one real-time electronicnegotiation querying session between the user and the at least onededicated application server; where the at least one real-timeelectronic negotiation querying session is configured to: 1) receive,from the user, via the plurality of second programmable softwareobjects, at least the following: a) at least one of: a plurality ofpersonal event data parameters of at least one personal event and atleast one demographic identifier, and b) a plurality of reference eventdata parameters of at least one reference event, where the plurality ofreference event data parameters of the at least one reference eventinclude a plurality time-related property data parameters for at leastone time-related property of the at least one reference event; 2) allow,the user, via the plurality of second programmable software objects, toiteratively adjust the plurality of personal event data parameters ofthe at least one personal event and at least one of the at least onedemographic identifier and the plurality of reference event dataparameters of the at least one reference event so that, based on theanonymity level of the user, there is a matched subset of a minimalnumber of real individuals associated with the plurality of electronicdata records of the at least one electronic source match the at leastone personal event and the at least one reference event; 3) display, inreal-time, an indication of how many real individuals are in the matchedsubset; 4) generate, with each adjustment iteration, a plurality ofnon-reversible synthetic electronic data records of a plurality ofsynthetic individuals, by utilizing at least one statistical techniqueto perform at least one of: self-recalculation of discrete values of theplurality of electronic data records of the matched subset andself-transformation categorical values of the plurality of electronicdata records of the matched subset; and 5) electronically output, forthe user, the plurality of non-reversible synthetic electronic datarecords of the plurality of synthetic individuals to at least oneelectronic destination associated with the user; and where the pluralityof non-reversible synthetic electronic data records of the plurality ofsynthetic individuals: a) are statistically representative of thematched subset, b) have at least one synthetic identification identifiercorresponding to at least one real identification identifier of a realindividual from the matched subset, and c) cannot be utilized toidentify any real individual from the matched subset.

While a number of embodiments of the present invention have beendescribed, it is understood that these embodiments are illustrativeonly, and not restrictive, and that many modifications may becomeapparent to those of ordinary skill in the art. Further still, thevarious steps may be carried out in any desired order (and any desiredsteps may be added and/or any desired steps may be eliminated).

What is claimed is:
 1. A computer system, comprising: a non-transitorymemory storing instructions and at least one processor; wherein, whenexecuting the instructions, the at least one processor is configured to:receive at least one electronic query from a user, wherein the at leastone electronic query comprises: a) at least one of: a plurality ofpersonal event data parameters of at least one personal event or atleast one demographic identifier, and b) a plurality of reference eventdata parameters of at least one reference event, wherein the pluralityof reference event data parameters of the at least one reference eventcomprises a plurality of time-related property data parameters for atleast one time-related property of the at least one reference event;assign an anonymity level to the user; identify, in response to the atleast one electronic query, a matched subset of matched data records fora number of real individuals from a plurality of electronic data recordsstored in at least one electronic source, based at least in part on: a)the anonymity level of the user, b) the at least one personal event, andc) the at least one reference event; wherein the plurality of electronicdata records comprises real identification identifiers of realindividuals; generate, based at least in part on the matched subset, aplurality of non-reversible synthetic electronic data records of aplurality of synthetic individuals by at least one of:self-recalculation of discrete values of the matched subset orself-transformation of categorical values of the matched subset;generate at least one comparison report that analyzes all pairs ofvariables between the matched subset and the plurality of non-reversiblesynthetic electronic data records of the plurality of syntheticindividuals to confirm that the plurality of non-reversible syntheticelectronic data records of the plurality of synthetic individuals isstatistically representative of the matched subset; wherein theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals is unsuitable to be utilized toidentify any real individual from the matched subset so as to protectprivacy of the real individuals associated with the matched subset; andwherein each respective synthetic identification identifier of theplurality of non-reversible synthetic electronic data records of theplurality of synthetic individuals corresponds to at least one realidentification identifier of a real individual in the matched subset toavoid a generalization of the matched subset.
 2. The computer system ofclaim 1, wherein the anonymity level is assigned based at least in parton an entity affiliation of the user.
 3. The computer system of claim 1,wherein the self-recalculation, the self-transformation, or both arebased on a conditional probability methodology.
 4. The computer systemof claim 1, wherein the at least one comparison report is generatedbased at least in part on Pearson's correlation for each pairs ofvariables.
 5. The computer system of claim 1, wherein the plurality ofelectronic data records are a plurality of electronic medical records.6. The computer system of claim 1, wherein the at least one processor isfurther configured to: conduct, based at least in part on the at leastone electronic query, at least one real-time electronic negotiationquerying session with the user; wherein the at least one real-timeelectronic negotiation querying session allows the user to iterativelyadjust the plurality of personal event data parameters of the at leastone personal event and at least one of the at least one demographicidentifier and the plurality of reference event data parameters of theat least one reference event so that, based on the anonymity level ofthe user, the matched subset contains a minimal desired number of realindividuals associated with the plurality of electronic data records ofthe at least one electronic source matching the at least one personalevent and the at least one reference event.
 7. The computer system ofclaim 1, wherein the plurality of non-reversible synthetic electronicdata records of the plurality of synthetic individuals areself-compliant to at least one privacy policy.
 8. The computer system ofclaim 7, wherein each respective synthetic identification identifier isa de-identification identifier that is required, based on the at leastone privacy policy, to be removed from the matched subset when thematched subset would be outputted to the user.
 9. A computer-implementedmethod, comprising: receiving, by a computer processor, at least oneelectronic query from a user, wherein the at least one electronic querycomprises: a) at least one of: a plurality of personal event dataparameters of at least one personal event or at least one demographicidentifier, and b) a plurality of reference event data parameters of atleast one reference event, wherein the plurality of reference event dataparameters of the at least one reference event comprises a plurality oftime-related property data parameters for at least one time-relatedproperty of the at least one reference event; assign, by the computerprocessor, an anonymity level to the user; identifying, in response tothe at least one electronic query, a matched subset of matched datarecords for a number of real individuals from a plurality of electronicdata records stored in at least one electronic source, based at least inpart on: a) the anonymity level of the user, b) the at least onepersonal event, and c) the at least one reference event; wherein theplurality of electronic data records comprises real identificationidentifiers of real individuals; generating, by the computer processor,based at least in part on the matched subset, a plurality ofnon-reversible synthetic electronic data records of a plurality ofsynthetic individuals by at least one of: self-recalculation of discretevalues of the matched subset and or self-transformation of categoricalvalues of the matched subset; generating, by the computer processor, atleast one comparison report that analyzes all pairs of variables betweenthe matched subset and the plurality of non-reversible syntheticelectronic data records of the plurality of synthetic individuals toconfirm that the plurality of non-reversible synthetic electronic datarecords of the plurality of synthetic individuals is statisticallyrepresentative of the matched subset; wherein the plurality ofnon-reversible synthetic electronic data records of the plurality ofsynthetic individuals is unsuitable to be utilized to identify any realindividual from the matched subset so as to protect privacy of the realindividuals associated with the matched subset; and wherein eachrespective synthetic identification identifier of the plurality ofnon-reversible synthetic electronic data records of the plurality ofsynthetic individuals corresponds to at least one real identificationidentifier of a real individual in the matched subset so as to avoid ageneralization of the matched subset.
 10. The method of claim 9, whereinthe anonymity level is assigned based at least in part on an entityaffiliation of the user.
 11. The method of claim 9, wherein theself-recalculation, the self-transformation, or both are based on aconditional probability methodology.
 12. The method of claim 9, whereinthe at least one comparison report is generated based at least in parton Pearson's correlation for each pairs of variables.
 13. The method ofclaim 9, wherein the plurality of electronic data records are aplurality of electronic medical records.
 14. The method of claim 9,wherein the method further comprises: conduct, based at least in part onthe at least one electronic query, by the computer processor, at leastone at least one real-time electronic negotiation querying session withthe user; wherein the at least one real-time electronic negotiationquerying session allows the user to iteratively adjust the plurality ofpersonal event data parameters of the at least one personal event and atleast one of the at least one demographic identifier and the pluralityof reference event data parameters of the at least one reference eventso that, based on the anonymity level of the user, the matched subsetcontains a minimal desired number of real individuals associated withthe plurality of electronic data records of the at least one electronicsource matching the at least one personal event and the at least onereference event.
 15. The method of claim 9, wherein the plurality ofnon-reversible synthetic electronic data records of the plurality ofsynthetic individuals are self-compliant to at least one privacy policy.16. The method of claim 15, wherein each respective syntheticidentification identifier is a de-identification identifier that isrequired, based on the at least one privacy policy, to be removed fromthe matched subset when the matched subset would be outputted to theuser.